Fwd of a fwd of a fwd: -bill!
----- Forwarded message from Graham Freeman ----- Date: Thu, 30 Jul 2009 17:57:45 -0700 From: Graham Freeman Subject: [Cernio Colo] Fwd: [bitfolk] BIND 9 denial of service exploit Hey, folks, Good info from Andy Smith re protecting against BIND9 exploits. -G Begin forwarded message: > From: Andy Smith > Date: 30 July, 2009 03:22:48 PDT (CA) > Subject: Re: [bitfolk] BIND 9 denial of service exploit > > Hello, > > On Thu, Jul 30, 2009 at 12:09:31AM +0100, Jan Henkins wrote: >> Andy Smith wrote: >>> If you're running BIND 9 you'll want to upgrade because of: >>> >>> https://www.isc.org/node/474 >>> >> >> Thanks! Those running Lenny and the latest Ubuntu should be OK, >> although >> it seems Etch is running behind (no updated debs available tonight, >> could be tomorrow). RedHat/CentOS/Fedora people, here is what looks >> to >> be a useful link (could not test it, not running any of these in >> production): >> >> *http://tinyurl.com/6y4rb9* > > For those who are unable to upgrade, you can firewall off dynamic > update packets like so: > > iptables -A INPUT -p udp --dport 53 -j DROP -m u32 --u32 > '30>>27&0xF=5' > > Cheers, > Andy > > -- > http://bitfolk.com/ -- No-nonsense VPS hosting > > "I am the permanent milk monitor of all hobbies!" -- Simon Quinlank ----- End forwarded message ----- -- -bill! Sent from my computer _______________________________________________ vox-tech mailing list [email protected] http://lists.lugod.org/mailman/listinfo/vox-tech
